upgrade miekg and jwt-go to resolve vulnerabilities #5889

Merged 1 commit on Nov 11, 2021

@steven0711dong (Contributor) commented Nov 10, 2021

Fixes #

Proposed Changes

  • Known vulnerabilities in the github.com/miekg/dns package, including a Denial of Service vulnerability.
  • Known vulnerabilities in the github.com/dgrijalva/jwt-go package.
  • Both packages are reported to have vulnerabilities by the Snyk vulnerability DB.

Pre-review Checklist

  • At least 80% unit test coverage
  • E2E tests for any new behavior
  • Docs PR for any user-facing impact
  • Spec PR for any new API feature
  • Conformance test for any change to the spec

Release Note

Upgrade dependencies that contain vulnerabilities in the Snyk DB

Docs

@google-cla bot added the cla: yes label Nov 10, 2021
@knative-prow-robot added the size/S and size/XL labels and removed the size/S label Nov 10, 2021

codecov bot commented Nov 10, 2021

Codecov Report

Merging #5889 (497e97f) into main (81afe0b) will increase coverage by 0.05%.
The diff coverage is n/a.

❗ Current head 497e97f differs from pull request most recent head efbe8d9. Consider uploading reports for the commit efbe8d9 to get more accurate results

@@            Coverage Diff             @@
##             main    #5889      +/-   ##
==========================================
+ Coverage   81.96%   82.01%   +0.05%     
==========================================
  Files         220      220              
  Lines        7458     7458              
==========================================
+ Hits         6113     6117       +4     
+ Misses        918      915       -3     
+ Partials      427      426       -1     
Impacted Files Coverage Δ
pkg/reconciler/broker/trigger/trigger.go 83.33% <0.00%> (+2.56%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 81afe0b...efbe8d9.

@knative-prow-robot added the size/S label and removed the size/XL label Nov 10, 2021
@steven0711dong
Contributor Author

/retest pull-knative-eventing-reconciler-tests

@knative-prow-robot
Contributor

@steven0711dong: The /retest command does not accept any targets.
The following commands are available to trigger required jobs:

  • /test pull-knative-eventing-build-tests
  • /test pull-knative-eventing-conformance-tests
  • /test pull-knative-eventing-integration-tests
  • /test pull-knative-eventing-reconciler-tests
  • /test pull-knative-eventing-unit-tests
  • /test pull-knative-eventing-upgrade-tests

The following commands are available to trigger optional jobs:

  • /test pull-knative-eventing-go-coverage

Use /test all to run all jobs.


@steven0711dong
Contributor Author

/test pull-knative-eventing-reconciler-tests

@steven0711dong changed the title from "upgrade miekg nad jwt-go to resolve vulnerabilities" to "upgrade miekg and jwt-go to resolve vulnerabilities" Nov 10, 2021

@matzew (Member) left a comment

/lgtm
/approve

@knative-prow-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew, steven0711dong

@knative-prow-robot added the lgtm and approved labels Nov 11, 2021
@knative-prow-robot merged commit 91c1208 into knative:main Nov 11, 2021
@steven0711dong deleted the fix-vul branch November 11, 2021 15:17